1. Field of the Disclosure
The present disclosure relates generally to authentication.
2. Description of the Related Art
It is often desirable to make computing resources available to only authorized users, for instance to protect against malicious users and programs and to prevent overutilization of the resources. However, the computing resources should be available to authorized users and programs, and different computing resources may need different levels of security. Making the resources available to different users and programs is made more complicated because the resources may need to be accessed across multiple security domains, different security services may be used to secure the resources, and different software platforms may be used to interface with the security services.
Computing environments provide some standardized tools to help solve these issues. In a Java® environment, the Java Authentication and Authorization Service (JAAS) provides a security framework that enables developers to authenticate users and enforce access controls upon users. JAAS also standardizes interfaces and abstracts underlying authentication and authorization mechanisms. JAAS login modules do the actual authentication and authorization. However, login modules need to be determined before or at the time the virtual machine is started because login modules cannot be added or removed dynamically while the virtual machine is running. For example, OSGi platforms require the login modules provided by JAAS to be in the classpath of JAAS. In the Java Virtual Machine, the classpath includes directories or JAR files where the java compiler/runtime will look for .class files. For example, “example.class” will not be found by the Java Virtual Machine unless the classpath includes the directory or JAR file that includes “example.class”. Thus, the login modules must be added to the classpath before the Java Virtual Machine is started, which in turn prevents the dynamic addition and removal of login modules.